NAB has implemented privileged access management (PAM) in multiple operational areas to help protect against growing external and internal threats to personal and proprietary information.
The bank has onboarded hundreds of business critical applications and tens of thousands of accounts to CyberArk’s privileged access management, according to a new case study.
The organisation’s enterprise-wide PAM program is designed to balance access to critical information with the strict controls required to hold sensitive customer personally identifiable information (PII) and other valuable data.
Priveleged account credentials are of substantial value to attackers and other bad actors, often used to plan or escalate attacks inside of a corporate network.
The NAB case study notes that privileged access isn't limited only to personnel.
"Privileged access can be given to system admins and other users, but also be granted to applications and machines," the case study said.
"As financial systems grow in size and complexity, privilege is everywhere - in administration accounts, in business applications, in the software development pipeline and in many areas of operational technology as well.
"Now more than ever, strong PAM is key to allowing banks to move with agility to capture new opportunities without jeopardising their brand or regulatory compliance."
The bank’s enterprise security division took a phased approach to PAM, beginning with migrating all privileged credentials associated with critical infrastructure and high priority business applications into CyberArk.
The team plans to expand the program to new areas of the organisation and is working with a number of its infrastructure and application teams to audit accounts and technology assets to evaluate the strength of existing controls.
NAB has also moved its CyberArk environment to run in the cloud.
“By moving CyberArk to the cloud, we’re empowering our users with higher levels of availability and scalability, while paving the way for advanced PAM use cases to help secure the business as it grows,” NAB's privileged access management (PAM) manager Joel Harris said.
“This isn’t just a compliance check-box exercise, we’re actively designing and aligning policies to cybersecurity best practices to strengthen overall security posture and align internal teams.
“With policy and architecture teams on our side, we’re collaboratively designing controls and evolving policies - bringing them into close alignment to drive internal adoption, and potentially, better protect the organisation."